diff --git a/datasets/suspicious_behaviour/cisco_ai_defense_alerts/cisco_ai_defense_alerts.json b/datasets/suspicious_behaviour/cisco_ai_defense_alerts/cisco_ai_defense_alerts.json
new file mode 100644
index 00000000..da8271a2
--- /dev/null
+++ b/datasets/suspicious_behaviour/cisco_ai_defense_alerts/cisco_ai_defense_alerts.json
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:217ea3260ae8d5ae05b1e62a257f2453b4ff94fee978241a4279962a43e87ff7
+size 767233
diff --git a/datasets/suspicious_behaviour/cisco_ai_defense_alerts/cisco_ai_defense_alerts.yml b/datasets/suspicious_behaviour/cisco_ai_defense_alerts/cisco_ai_defense_alerts.yml
new file mode 100644
index 00000000..06e37555
--- /dev/null
+++ b/datasets/suspicious_behaviour/cisco_ai_defense_alerts/cisco_ai_defense_alerts.yml
@@ -0,0 +1,11 @@
+author: Bhavin Patel
+id: cf60356c-61a4-452f-96f6-c48a6d19b20a
+date: '2025-02-15'
+description: This dataset is from a demo environment for cisco:ai:defense
+environment: NA
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/suspicious_behaviour/cisco_ai_defense_alerts/cisco_ai_defense.log
+sourcetypes:
+- cisco:ai:defense
+references:
+- https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2025/m01/cisco-unveils-ai-defense-to-secure-the-ai-transformation-of-enterprises.html
\ No newline at end of file